WO2022068322A1 - Access to software through heterogeneous encryption - Google Patents

Access to software through heterogeneous encryption

Info

Publication number: WO2022068322A1
Authority: WO (WIPO (PCT))
Prior art keywords: program, encrypted, payload, heterogeneous, attributes
Application number: PCT/CN2021/106794
Other languages: English (en)
Inventors: Marco Simioni, Stefano Braghin
Original Assignee: International Business Machines Corporation; Ibm (China) Co., Limited
Application filed by International Business Machines Corporation, Ibm (China) Co., Limited
Priority to JP2023518437A (publication JP2023542527A)
Priority to DE112021005119.9T (publication DE112021005119T5)
Priority to CN202180066382.6A (publication CN116249980A)
Priority to GB2305751.6A (publication GB2614677A)
Publication of WO2022068322A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing

Definitions

  • the present disclosure relates to software access, and more specifically, to providing access to various programs of software through encryption.
  • Software may be provided to one or more parties through a software distribution mechanism such as physical copies or network access to software. Controlling access to software so that only authorized parties can use it remains a technical and security issue.
  • a method, system, and computer program product are disclosed.
  • a first copy of a heterogeneous program payload is provided to a first computing device.
  • the heterogeneous program payload contains an unencrypted component and a set of one or more encrypted components.
  • the set of encrypted components corresponding to a set of one or more programs.
  • the unencrypted component of the heterogeneous program payload includes loader program code configured to receive a first license key.
  • the loader program code is configured to, in response to receiving the first license key, perform a decryption action against the set of encrypted components of the heterogeneous program payload.
  • FIG. 1 depicts the representative major components of an example computer system that may be used, in accordance with some embodiments of the present disclosure
  • FIG. 2 depicts a cloud computing environment according to an embodiment of the present invention
  • FIG. 3 depicts abstraction model layers according to an embodiment of the present invention
  • FIG. 4 depicts a system of heterogeneous encrypted software (HES) security (HESS) to secure one or more programs of a software payload, consistent with some embodiments of the disclosure;
  • HES: heterogeneous encrypted software
  • FIG. 5 depicts an example method of HES executed by a client system, consistent with some embodiments of the disclosure.
  • FIG. 6 depicts an example method for creation of components of an HES for providing to a client system, consistent with some embodiments of the disclosure.
  • aspects of the present disclosure relate to software access; more particular aspects relate to providing access to various programs of software through encryption. While the present disclosure is not necessarily limited to such applications, various aspects of the disclosure may be appreciated through a discussion of various examples using this context.
  • Software is a core portion of operating computers.
  • Software may be a collection of programs.
  • Each program of software may come in the form of an executable file configured to perform a plurality of operations for users.
  • a word processor may be a kind of software configured to receive input from a user to generate a textual document.
  • Software may come in the form of differently configured versions or variants of executable code configured to perform various programs or operations for users.
  • an image editor may include a first configuration that has a subset of 1,110 features.
  • a second configuration of the image editor may include a full set of over 3,000 features.
  • Software may come in the form of a suite of related or unrelated programs.
  • a productivity suite may include a word processor and a presentation creator.
  • the word processor may include a first plurality of features that are able to operate independently.
  • the presentation creator may include a second plurality of features that are able to operate independently. Both the word processor and the presentation creator may include additional interrelated features such as the ability to export or import drawings, text, or other elements between the word processor and the presentation creator.
  • control of software may be a significant security issue.
  • third parties may tamper with software and may be able to access the different programs that make up a given software.
  • the tampering may be malicious, in that viruses or information harvesting techniques may be employed.
  • the malicious tampering or other access to the software may become a huge technical problem.
  • malicious tampering of software may cause the software to no longer successfully operate or may cause data loss.
  • One approach to securing software is to generate a unique version of a binary for every purchaser of software.
  • a software provider may compile, build, or otherwise generate a first software executable for a first client of the software.
  • the software provider may further generate a second software executable for a second client of the software.
  • Generating custom versions of software for each user may have drawbacks. For example, each version created may create complexity, in that each version may include duplicate lines of code or additional logic. The added complexity may further increase the memory footprint or processing cycles required to successfully execute the software. If only one or two different clients desire a version of the software, it might be possible to create customized versions of the software.
  • Another approach to securing software is license string-based software distribution.
  • a creator of the software generates an unencrypted string (e.g., a key string; a series of letters, numbers, and symbols; a license file) for each client of the software.
  • the software may ship with every version, component, feature, or other relevant variant bundled into a payload (e.g., a distributable version of the software).
  • the software may also include the capability to accept the license string, read the values of the license string, and determine the various variants of the software that the client is permitted to access.
  • a first user may have a first license string that permits access to a first variant of the software, such as features two, five, and seven of twelve possible variants.
  • a second user may have a second license string that permits access to a second variant of the software, such as features one, two, three, five, and seven of twelve possible variants.
  • Each license string may include one or more embedded properties, characters, values or other relevant attributes.
  • the embedded attributes may correspond to the various variants of the software.
  • a first attribute in the license string may correspond to a first software variant
  • a second attribute in the license string may correspond to a second software variant.
  • the software may include logic or code configured to accept the license string, read and process the various attributes, and responsively grant access to the variants of the software.
  • the license string-based approach may have additional drawbacks.
  • the software may be subject to debugging or other attacks to determine the attributes of the license string.
  • a malicious third party may execute the software in a debugger, and during runtime the software may be monitored.
  • the logic in the software that controls the access to the various components, features, configurations or programs of the software may be monitored to determine what particular flag, key, attribute, or value is responsible or corresponds to the various configurations.
  • a malicious third party may monitor program execution of the software and determine that an attribute in the fourth position of a license string corresponds to granting permission to execute a first program of the software.
  • the license string-based approach may also be reverse engineered.
  • a malicious third party may decompile the software and may determine from the decompiled source code the logic of the access control program in the software.
  • a malicious third party may monitor a memory space of the software as it is executed by a processor. While monitoring the memory space, the malicious third party may be able to determine the various attributes that correspond to access to various programs of the software. Once the various attributes are determined, it may be trivial to share or distribute these values to other parties. For example, a malicious third party may share on the Internet a license string with values that grant access to every program of the software.
  • Another drawback is that through decompilation or other malicious techniques it may be possible to identify the various components or programs that are access controlled and extract them for use. For example, a malicious third party may perform a deconstruction technique to retrieve or access the various programs that make up the software. Once the malicious third party has access to the various programs, the third party may recompile or create a new version of the software that does not have any license string-based access control logic. This new version of the software may be executable by the malicious third party without any license string or other access control.
  • Software creators may attempt to make these malicious techniques more difficult. For example, software creators may attempt to create more complicated algorithms that perform various steps to obfuscate the programs that grant access to the various components of the software, or to make observation or interception of those programs more difficult.
  • the more complicated algorithms may be successful only under limited circumstances.
  • the more complicated algorithms of access control programs may include the use of large amounts of memory or many processing cycles. These may be beneficial only on computers with large amounts of memory, such as mainframe servers or supercomputers.
  • software may be executed on computers with more limited resources that cannot perform the complicated algorithms. For example, a smartphone may not be able to perform, because of a lack of random-access memory (RAM), the complicated algorithm associated with access control of the other programs of the software.
  • an embedded processor in an internet of things (IoT) device may be able to perform the complicated algorithms only after processing for days or weeks, making the security impractical for use on the IoT device.
  • IoT: internet of things
  • Another approach to software security may be a network-based software security technique.
  • the software connects through a network (e.g., the Internet) to a central server for verification that the client is permitted to operate the software.
  • the software may only operate while it receives a signal from the central server.
  • This network-based software security technique has many additional drawbacks.
  • the technique may be falsely mimicked by a third party. For example, a malicious third party may monitor the network traffic from a copy of the software as it executes on a given client and communicates with the central server. The signals and other relevant network traffic between the software and the central server may be recorded, or the logic of verification may be reverse engineered through the monitoring.
  • the malicious third party may generate similar signals responsive to the software and may falsely indicate to the software that it is the central server.
  • the network-based technique may be resource intensive. For example, a software creator may expend significant resources on owning and operating the various components of the central server and the network bandwidth associated with making the central server available to all the clients.
  • the network-based technique may be unreliable. Specifically, due to a central server outage or a network availability issue, the ability of a given client to authenticate may be compromised. For example, a user may have a smartphone and a copy of the software; the copy of the software may be configured to communicate with the central server to verify that the software is permitted to execute. If the smartphone loses network connectivity, even accidentally, the copy of the software may no longer execute as the access control is no longer available.
  • a network-based technique may not technically be possible in some practical situations. Specifically, some clients of the software may operate computers that are air-gapped systems. An air-gapped system may be a system that is not communicatively coupled to any other computers.
  • An air-gapped system may be required for a particular client.
  • a client may, for increased security, operate a system in a particular industry (e.g., financial, health, defense) that has a security or privacy requirement.
  • the client may, for secure operation, not communicatively connect to any other computers and may perform processing without a network connection. Without a network connection, a network-based technique may not successfully verify one or more programs and the software may not be operable.
  • Heterogeneous encrypted software security (HESS) may offer one or more advantages and features in comparison to other forms of securing software.
  • HESS may operate, in part, by encrypting one or more programs that constitute software into a set of one or more encrypted components; the set of one or more encrypted components may be combined with an unencrypted component to form a heterogeneous program payload.
  • programs may be one or more program code files, such as from an interpreted language, arranged in one or more folders and compressed into a program package (e.g., Java program code in a JAR file).
  • one or more source code files, such as from a compiled language, may be compiled together into a series of binary values of a program executable.
  • a portion of the programs that make up the payload may be encrypted with a first encryption process.
  • portions of the payload could be encrypted with symmetric encryption algorithms such as AES-128 or higher key length, or with asymmetric encryption algorithms such as RSA-2048 or ECDSA-224 or higher key length, or with attribute based encryption schemes such as a key-policy attribute-based encryption scheme (KP-ABE) or a KP-ABE with constant size ciphertext.
  • KP-ABE: key-policy attribute-based encryption scheme
  • the heterogeneous program payload may have a set of one or more encrypted components that correspond to the one or more programs.
  • the encryption process may be directed only to a portion of the components (e.g., the set of one or more programs) .
  • another program, or programs may remain unencrypted in the heterogeneous program payload.
  • a program such as a loader program may remain an unencrypted component of the heterogeneous program payload.
  • a program and any related or supported libraries or runtimes may remain a series of unencrypted bits in a binary executable; the executable may also include a series of encrypted bits that include the set of encrypted components.
  • a program distributable, such as a JAR file, may have one or more code files and folders that correspond to the unencrypted portion of the heterogeneous program payload.
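  The layout sketched in the items above (one distributable in which the loader's bits travel in the clear and the encrypted components follow as opaque blobs) can be made concrete with a container format and a strict parser for it. The code below is an added example, not part of the patent or of any IBM implementation; the framing (a constructed `HESP` magic value, a version byte, and length-prefixed fields) is an assumption made for the example, since the description does not specify a file format. The security-relevant part is the parser: every length field is checked against the bytes that remain before it is used, so a truncated or crafted payload is rejected rather than read past its end.

```python
import struct

MAGIC = b"HESP"   # constructed magic value for this example, not from the patent
VERSION = 1


def pack_payload(loader_code: bytes, encrypted_components: list[bytes]) -> bytes:
    """Serialize one heterogeneous program payload.

    Layout: MAGIC | version(1) | loader_len(4) | loader | count(2) | [len(4) | blob]*
    The loader is stored unencrypted; each component blob is opaque ciphertext
    produced elsewhere and is addressed only by its position in the list."""
    if len(encrypted_components) > 0xFFFF:
        raise ValueError("too many components for a 16-bit count")
    out = bytearray(MAGIC)
    out += struct.pack(">B", VERSION)
    out += struct.pack(">I", len(loader_code)) + loader_code
    out += struct.pack(">H", len(encrypted_components))
    for blob in encrypted_components:
        out += struct.pack(">I", len(blob)) + blob
    return bytes(out)


def parse_payload(data: bytes) -> tuple[bytes, list[bytes]]:
    """Strict parser: returns (loader_code, encrypted_components).

    Every length is validated against the remaining input before the slice is
    taken, truncated input raises, and trailing bytes after the last component
    are rejected so a tampered container cannot smuggle extra data past the
    loader."""
    view = memoryview(data)
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if n < 0 or pos + n > len(view):
            raise ValueError(f"truncated payload at offset {pos}")
        chunk = bytes(view[pos:pos + n])
        pos += n
        return chunk

    if take(4) != MAGIC:
        raise ValueError("not a heterogeneous program payload")
    (version,) = struct.unpack(">B", take(1))
    if version != VERSION:
        raise ValueError(f"unsupported payload version {version}")
    (loader_len,) = struct.unpack(">I", take(4))
    loader_code = take(loader_len)
    (count,) = struct.unpack(">H", take(2))
    components = []
    for _ in range(count):
        (blob_len,) = struct.unpack(">I", take(4))
        components.append(take(blob_len))
    if pos != len(view):
        raise ValueError(f"{len(view) - pos} trailing bytes after payload")
    return loader_code, components


if __name__ == "__main__":
    # Constructed sample: a stand-in loader and three opaque component blobs.
    payload = pack_payload(b"loader stub", [b"\x01\x02\x03", b"", b"\xff" * 8])
    loader_code, components = parse_payload(payload)
    print(len(payload), loader_code, [len(c) for c in components])
```

The parser treats the components as ciphertext it cannot interpret; which of them the loader may decrypt is decided by the license key, not by anything stored in this container.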
  • the heterogeneous program payload of the HESS may operate in conjunction with a key, such as a license key.
  • the heterogeneous program payload may be distributed, together or separately with a key, to one or more computing systems.
  • the HESS may be in the form of the heterogeneous program payload and a plurality of keys.
  • a key may be generated for each potential client machine that is configured to operate a copy of the heterogeneous program payload.
  • Each key may include one or more encrypted program attributes that correspond to the various programs in the heterogeneous program payload.
  • a first key may include thirty alphanumeric characters that are an encrypted form of attributes.
  • the encrypted program attributes may be one or more letters, characters, symbols, and the like that represent an encrypted form of the program attributes that grant permission to access a subset of the set of programs that are encrypted in the set of encrypted components.
  • Each key may be different from any other key.
  • each key of the HESS may be constructed in such a way that the set of one or more encrypted program attributes is different for each key. Stated another way, two keys that grant the same permissions to the heterogeneous program payload do not share encrypted program attributes.
  • a first key may include one or more program attributes that permit operation of only a first program of the set of programs of a heterogeneous program payload.
  • a second key may include the same one or more program attributes that also permit operation of only the first program.
  • the first key may be encrypted such that one or more program attributes are in the form of a first set of one or more encrypted program attributes.
  • the second key may also be encrypted such that the one or more program attributes are also in the form of encrypted program attributes, but in the form of a second set of one or more encrypted program attributes. By inspection, the program attributes may not be determinable, knowable, or otherwise ascertainable, as only the encrypted program attributes may be observable.
  • the unencrypted component of the heterogeneous program payload may contain code configured to operate with and provide access to the set of encrypted components that form the rest of the payload.
  • the unencrypted component of the heterogeneous program payload may be configured as a loader program code ("loader").
  • the loader of the heterogeneous program payload of the HESS may be configured to receive the key and perform one or more decryption techniques.
  • the decryption techniques of the heterogeneous program payload may be self-decrypting techniques.
  • the loader program of the heterogeneous program payload may be configured to accept one or more commands directed towards the set of encrypted components.
  • a user may initiate a request to perform execution of a first program that is encrypted in a first encrypted component of the one or more components.
  • the user may operate by providing input to perform operation of the program to the loader.
  • the HESS may be configured to protect a productivity suite that comes in the form of software including a set of encrypted components including a text editor program and an image editor program.
  • the user may begin operation of the HESS by sending a command to execute the text editor program to the loader.
  • the loader program code may be configured to receive the key and perform a decryption action on the first encrypted component.
  • the loader may be configured to receive a key, perform a decryption action on the key, and determine the validity of the key to access the program stored in an encrypted component of the heterogeneous program payload. For example, if the key contains an encrypted program attribute that, upon decryption by the loader, contains a program attribute corresponding to a requested program, the loader may be configured to decrypt the program and load the program into a primary memory for execution. In another example, if the key contains an encrypted program attribute that, upon decryption by the loader, does not contain a program attribute that corresponds to a requested program, the loader may be configured to deny execution of an encrypted component that contains the program.
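  The loader behaviour described in the items above, together with the earlier property that two license keys granting the same permissions share no encrypted program attributes, as an added Python example that is not part of the patent or of any IBM implementation. It assumes: a vendor-side build step that encrypts each program under its own random component key; license keys whose plaintext program attributes are (component index, component key) pairs, so the license both references a component and carries the means to decrypt it; a license-decryption key embedded in the loader (the page does not say how the loader is provisioned to decrypt the key, so this is a modelling choice); and HMAC-SHA256 in counter mode with an HMAC tag standing in for the AES-class cipher the description names, so the example runs on the Python standard library alone.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
import struct

NONCE_LEN = 16  # fresh random nonce per encryption: every ciphertext is distinct
TAG_LEN = 32    # HMAC-SHA256 tag


def new_key() -> bytes:
    """Fresh 256-bit key, used for component keys and the loader's license key."""
    return secrets.token_bytes(32)


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Derive independent encryption and MAC keys from one 256-bit key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, a stand-in for an AES stream mode so that
    # the example needs no third-party package.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Randomized encrypt-then-MAC; output is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any modified component or key is rejected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# ---- vendor side --------------------------------------------------------------

def build_payload(programs: list[bytes]) -> tuple[list[bytes], list[bytes]]:
    """Encrypt each program under its own random component key.

    The returned encrypted components are addressed only by position; no
    program names, attributes or keys are stored with them. The component
    keys stay with the vendor and are released only inside license keys."""
    component_keys = [new_key() for _ in programs]
    encrypted_components = [seal(k, p) for k, p in zip(component_keys, programs)]
    return encrypted_components, component_keys


def issue_license(license_kek: bytes, component_keys: list[bytes], granted: set[int]) -> bytes:
    """One license key per client.

    The plaintext program attributes are (component index -> component key)
    pairs. Sealing them with a fresh nonce means two licenses with identical
    grants share no encrypted program attributes."""
    attributes = {str(i): component_keys[i].hex() for i in sorted(granted)}
    return seal(license_kek, json.dumps(attributes).encode())


# ---- client side: the unencrypted loader component ---------------------------

def loader(license_kek: bytes, encrypted_components: list[bytes],
           license_key: bytes, requested: int) -> bytes:
    """Decrypt exactly the requested component, or deny.

    The loader holds no table of who may run what: it decrypts the license,
    looks for a reference to the requested index and uses the key found there.
    Components whose key is absent from the license are never decrypted."""
    attributes = json.loads(open_sealed(license_kek, license_key))
    key_hex = attributes.get(str(requested))
    if key_hex is None:
        raise PermissionError(f"license grants no access to component {requested}")
    if not 0 <= requested < len(encrypted_components):
        raise IndexError("license references a component that is not in this payload")
    return open_sealed(bytes.fromhex(key_hex), encrypted_components[requested])


def demo() -> dict:
    """Constructed scenario: three programs, two licenses for the first one only."""
    programs = [b"text editor program", b"image editor program", b"spreadsheet program"]
    components, keys = build_payload(programs)
    license_kek = new_key()                         # assumption: embedded in the loader
    lic_a = issue_license(license_kek, keys, {0})
    lic_b = issue_license(license_kek, keys, {0})   # same grant, different bytes
    try:
        loader(license_kek, components, lic_a, 1)
        denied = False
    except PermissionError:
        denied = True
    return {
        "distinct_licenses": lic_a != lic_b,
        "program_0": loader(license_kek, components, lic_a, 0),
        "program_0_via_b": loader(license_kek, components, lic_b, 0),
        "program_1_denied": denied,
    }
```

What the example shows: the payload is a list of ciphertexts, the loader contains no permission logic of its own, the license alone decides which index can be opened, and components not named in the license are never decrypted. One caveat: the decrypted attributes do exist briefly in the loader's memory here; the unobservable decryption discussed further down in the description would need the homomorphic or secure-execution techniques it mentions, which this example does not attempt.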
  • the heterogeneous program payload may be technically advantageous over other forms of key and executable distribution.
  • the values of the keys of the HESS may be resistant to malicious attacks.
  • a HESS may only operate on keys that include encrypted program attributes, while license string-based techniques may operate on unencrypted values.
  • a malicious third party may not be able to read one or more program attributes that are encrypted in the encrypted program attributes of the key.
  • the loader may be configured only to decrypt a specific program that corresponds to an encrypted program attribute, without specifically generating an unencrypted program attribute.
  • the loader may operate only by taking as programmatic input the key and the request for execution of a first program in the form of a program execution instruction of the first program.
  • the output of the loader may only be the execution of the first program, but may not include the unencrypted program attribute that corresponds to the first program.
  • the loader program may operate with reduced resources compared to other techniques.
  • a simpler form of calculations and decryption algorithms may be performed by the loader than other techniques, such as license string-based security techniques.
  • the decryption techniques of other approaches may rely on a complex set of processes, or on a dedicated set of circuits or encrypted elements.
  • the specialized decryption processes of other techniques may be limited to a smartphone or other portable computing device that has the specific hardware or significant processing power.
  • the decryption process of the loader may be a process that operates with relatively low resource usage, such as a computer process that uses only a few kilobytes of primary memory and executes in only a few dozen processing cycles.
  • the HESS may perform decryption while being resilient to malicious third-party observation or debugging.
  • the loader program code may be decompiled or debugged, but the decryption technique of the loader may be one that does not reveal the program attributes.
  • the loader may operate by performing a decryption action that is unobservable.
  • the code decrypted by the loader program may still be a form of encrypted code, similar to techniques described as "secure" or "secret" code execution.
  • homomorphic encryption techniques could be used such that the encrypted payload can still be executed, while still preventing an attacker from observing the code.
  • limited operations may be able to be observed, but the operations performed by the loader may not at any point present, reveal, or otherwise permit access to the unencrypted program attributes.
  • the loader program steps may only reveal a pointer, reference, or other indication of a section or portion of the set of encrypted components, but may not refer to, disclose, or otherwise reveal the actual programs stored in the encrypted components.
  • the loader code may not include any access-control logic.
  • the loader code may not include any program code that indicates or selects a particular component that should be decrypted.
  • the license key may store, in an encrypted form such as the encrypted program attributes, a direction, pointer, or other relevant reference to a particular program. The operation of decryption may yield the pointer or reference, unencrypted from the encrypted program attributes of the license key, to the particular programs.
  • the loader of the heterogeneous program payload may never reveal or otherwise store in plaintext a copy of all the unencrypted programs or any access-control or program attributes that grant permission to the programs stored in the encrypted components. Further, the loader may only decrypt a portion of the encrypted components.
  • a first heterogeneous program payload includes a set of three encrypted components and an unencrypted component that includes loader program code for the set.
  • the first encrypted component may be decrypted into a secure portion of primary memory.
  • the second and third encrypted components may remain encrypted; upon receiving only the first license key, the loader may never decrypt them.
  • the HESS may operate on an air-gapped machine.
  • the heterogeneous program payload may be partially self-decrypting.
  • the loader program code of the heterogeneous program payload may operate without needing a network connection.
  • the loader of the heterogeneous program payload may operate without communicating to other computers.
  • the loader may operate with access only to input indicating which programs (stored in the set of encrypted components) are requested, and to a license key.
  • the HESS may be relatively simple to maintain.
  • the heterogeneous program payload may contain all components, features, and other programs in a variety of configurations for distribution in a single payload.
  • a first license key may include an encrypted program attribute that permits only a first encrypted component to be decrypted and executed.
  • a second license key may include a plurality of encrypted program attributes that permit a plurality of encrypted components to be decrypted and executed. If a new version is to be created, then the software creator may only need to maintain a single heterogeneous program payload for every particular client and the variety of features or variants may be controlled only by a combination of the license key and the loader program code stored in the unencrypted component.
  • FIG. 1 depicts the representative major components of an example computer system 100 (alternatively, computer) that may be used, in accordance with some embodiments of the present disclosure. It is appreciated that individual components may vary in complexity, number, type, and/or configuration. The particular examples disclosed are for example purposes only and are not necessarily the only such variations.
  • the computer system 100 may include a processor 110, memory 120, an input/output interface (herein I/O or I/O interface) 130, and a main bus 140.
  • the main bus 140 may provide communication pathways for the other components of the computer system 100.
  • the main bus 140 may connect to other components such as a specialized digital signal processor (not depicted).
  • the processor 110 of the computer system 100 may be comprised of one or more cores 112A, 112B, 112C, 112D (collectively 112).
  • the processor 110 may additionally include one or more memory buffers or caches (not depicted) that provide temporary storage of instructions and data for the cores 112.
  • the cores 112 may perform instructions on input provided from the caches or from the memory 120 and output the result to caches or the memory.
  • the cores 112 may be comprised of one or more circuits configured to perform one or more methods consistent with embodiments of the present disclosure.
  • the computer system 100 may contain multiple processors 110.
  • the computer system 100 may be a single processor 110 with a singular core 112.
  • the memory 120 of the computer system 100 may include a memory controller 122.
  • the memory 120 may include a random-access semiconductor memory, storage device, or storage medium (either volatile or non-volatile) for storing data and programs.
  • the memory may be in the form of modules (e.g., dual in-line memory modules).
  • the memory controller 122 may communicate with the processor 110, facilitating storage and retrieval of information in the memory 120.
  • the memory controller 122 may communicate with the I/O interface 130, facilitating storage and retrieval of input or output in the memory 120.
  • the I/O interface 130 may include an I/O bus 150, a terminal interface 152, a storage interface 154, an I/O device interface 156, and a network interface 158.
  • the I/O interface 130 may connect the main bus 140 to the I/O bus 150.
  • the I/O interface 130 may direct instructions and data from the processor 110 and memory 120 to the various interfaces of the I/O bus 150.
  • the I/O interface 130 may also direct instructions and data from the various interfaces of the I/O bus 150 to the processor 110 and memory 120.
  • the various interfaces may include the terminal interface 152, the storage interface 154, the I/O device interface 156, and the network interface 158.
  • the various interfaces may include a subset of the aforementioned interfaces (e.g., an embedded computer system in an industrial application may not include the terminal interface 152 and the storage interface 154).
  • Logic modules throughout the computer system 100 may communicate failures and changes to one or more components to a hypervisor or operating system (not depicted).
  • the hypervisor or the operating system may allocate the various resources available in the computer system 100 and track the location of data in memory 120 and of processes assigned to various cores 112. In embodiments that combine or rearrange elements, aspects and capabilities of the logic modules may be combined or redistributed. These variations would be apparent to one skilled in the art.
  • Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service.
  • This cloud model may include at least five characteristics, at least three service models, and at least four deployment models.
  • On-demand self-service: a cloud consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with the service’s provider.
  • Resource pooling: the provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. There is a sense of location independence in that the consumer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter).
  • Rapid elasticity: capabilities can be rapidly and elastically provisioned, in some cases
  • Measured service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
  • SaaS Software as a Service: the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.
  • the applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based e-mail).
  • the consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
  • PaaS Platform as a Service
  • the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
  • IaaS Infrastructure as a Service
  • the consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
  • Private cloud: the cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premises or off-premises.
  • Public cloud: the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
  • Hybrid cloud: the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
  • a cloud computing environment is service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.
  • An infrastructure that includes a network of interconnected nodes.
  • cloud computing environment 50 includes one or more cloud computing nodes 10 with which local computing devices used by cloud consumers, such as, for example, personal digital assistant (PDA) or cellular telephone 54A, desktop computer 54B, laptop computer 54C, and/or automobile computer system 54N may communicate.
  • Nodes 10 may communicate with one another. They may be grouped (not shown) physically or virtually, in one or more networks, such as Private, Community, Public, or Hybrid clouds as described hereinabove, or a combination thereof.
  • This allows cloud computing environment 50 to offer infrastructure, platforms and/or software as services for which a cloud consumer does not need to maintain resources on a local computing device.
  • computing devices 54A-N shown in FIG. 2 are intended to be illustrative only and that computing nodes 10 and cloud computing environment 50 can communicate with any type of computerized device over any type of network and/or network addressable connection (e.g., using a web browser).
  • In FIG. 3, a set of functional abstraction layers provided by cloud computing environment 50 (FIG. 2) is shown. It should be understood in advance that the components, layers, and functions shown in FIG. 3 are intended to be illustrative only and embodiments of the invention are not limited thereto. As depicted, the following layers and corresponding functions are provided:
  • Hardware and software layer 60 includes hardware and software components.
  • hardware components include: mainframes 61; RISC (Reduced Instruction Set Computer) architecture based servers 62; servers 63; blade servers 64; storage devices 65; and networks and networking components 66.
  • software components include network application server software 67 and database software 68.
  • Virtualization layer 70 provides an abstraction layer from which the following examples of virtual entities may be provided: virtual servers 71; virtual storage 72; virtual networks 73, including virtual private networks; virtual applications and operating systems 74; and virtual clients 75.
  • management layer 80 may provide the functions described below.
  • Resource provisioning 81 provides dynamic procurement of computing resources and other resources that are utilized to perform tasks within the cloud computing environment.
  • Metering and Pricing 82 provide cost tracking as resources are utilized within the cloud computing environment, and billing or invoicing for consumption of these resources. In one example, these resources may include application software licenses.
  • Security provides identity verification for cloud consumers and tasks, as well as protection for data and other resources.
  • User portal 83 provides access to the cloud computing environment for consumers and system administrators.
  • Service level management 84 provides cloud computing resource allocation and management such that required service levels are met.
  • Service Level Agreement (SLA) planning and fulfillment 85 provide pre-arrangement for, and procurement of, cloud computing resources for which a future requirement is anticipated in accordance with an SLA.
  • Workloads layer 90 provides examples of functionality for which the cloud computing environment may be utilized. Examples of workloads and functions which may be provided from this layer include: mapping and navigation 91; software development and lifecycle management 92; virtual classroom education delivery 93; data analytics processing 94; transaction processing 95; and an HESS 96.
  • FIG. 4 depicts a system 400 of heterogeneous encrypted software security (HESS) to secure one or more programs of a software payload, consistent with some embodiments of the disclosure.
  • System 400 may be one or more components of a computing device that perform secure software execution.
  • Computing device may be a client device, such as computer 100.
  • System 400 may include a plurality of hardware including the following: a processor 410, a secondary memory 420, and a primary memory 430.
  • System 400 may also include an input (not depicted) to receive commands for performing execution by the processor 410. For example, receiving a command from a first program or user to execute other programs or subroutines.
  • the secondary memory 420 may facilitate the storage or retention (either temporary or more permanently) of programs and executable code for providing to the processor 410 and the primary memory 430.
  • secondary memory 420 may be a storage device, such as a hard disk drive or solid-state storage device or other computer component configured to store one or more bits of data.
  • primary memory 430 may be a random-access memory (RAM) and may receive data from the secondary memory 420.
  • secondary memory 420 may be RAM and primary memory 430 may be one or more registers or caches of processor 410.
  • System 400 may be configured to receive and execute secure software. Specifically, system 400 may be configured to receive a license key (key) 440 and a copy of a heterogeneous program payload (payload) 450.
  • the payload 450 may be provided by a separate computing device, such as a server or cloud computing environment 50.
  • the payload 450 may be generated by the separate computing device before being provided to system 400.
  • the key 440 may also be provided by a separate computing device before being received by system 400.
  • the key 440 and the payload 450 may be stored in secondary storage 420 of system 400.
  • the key 440 may include a set of one or more encrypted program attributes 442-1 and 442-2 (collectively, 442).
  • the set of encrypted program attributes 442 may be an encrypted series of characters that contain a set of one or more program attributes (not depicted).
  • the set of program attributes may be references, pointers, or other relevant program values.
  • the payload 450 may include an unencrypted component 452 and a set of one or more encrypted components 454-1, 454-2, up to 454-N (collectively, 454).
  • the payload 450 may be an executable file or archive.
  • payload 450 may be a binary file that is executable by processor 410 of system 400.
  • payload 450 may be an executable archive that includes a plurality of files and folders (not depicted) for execution by processor 410.
  • the unencrypted component 452 may be executable and responsive to one or more commands, inputs, requests, and the like.
  • unencrypted component 452 may be configured as a loader program code (loader) that is configured to receive program execution requests.
  • the loader 452 may be configured to execute other portions of payload 450.
  • the loader 452 may load, for example, other runtimes, libraries, code objects, and the like that are unencrypted.
  • the loader 452 may also be configured to conditionally operate other portions of payload 450. Specifically, the loader 452 may only load or execute one or more of the encrypted components 454 indirectly.
  • the loader 452 may only decrypt a single encrypted component of the set of encrypted components 454, and upon a successful decryption a now decrypted component of the set of encrypted components 454 may launch automatically. Further, and for increased security, only certain encrypted components 454 may ever be decrypted and some encrypted components 454 may never be decrypted depending on the key 440. For example, any program, component, or feature (stored in a given encrypted component 454) that is not specified to be executed will not be decrypted by unencrypted component 452.
  • other systems or other keys may be provided with a different set of encrypted attributes.
  • the different set of encrypted attributes of another key may include program attributes that would permit execution of certain encrypted components 454. For example, if at a later time system 400 was provided with a new key that included additional encrypted attributes, an execution of the first copy of the payload 450 may permit execution of other programs, components, or features, stored in the encrypted components 454.
  • a first request 460 may be received by processor 410 of system 400.
  • the processor 410 may receive the first request 460, and responsively may execute a first instance 470 of the payload 450.
  • the first payload instance 470 may include a first instance of the unencrypted component 472 and the set of encrypted components 474-1, 474-2, up to 474-N (collectively, 474).
  • the first request 460 may be directed to a first program of a set of programs, that are encrypted in the set of encrypted components 474.
  • the first request 460 may be an execution request to the first program.
  • the first payload instance 470 may also be configured to verify the validity of the key 440 (e.g., by being provided the key 440 as an argument on execution, or by retrieving the key 440 responsive to the first request 460).
  • the request 460 may be in the form of input from a user through a graphical user interface (e.g., a click from a mouse on a menu) or a command line instruction.
  • the first request 460 may be directed to payload 450 that is a Java JAR file named “mySoftware.jar” with a key 440 named “myLicense.key” and requesting that a program 474-1 named “TextTyper” be executed.
  • the first request 460 may appear as “java -jar mySoftware.jar -l myLicense.key -t TextTyper” in a command line.
  • processor 410 may execute first payload instance 470, and loader 472 may decrypt encrypted component 474-1 using key 440.
  • the encrypted attributes 442 of key 440 may include encrypted binary values that specify which components the key can decrypt, and labels that characterize the protected functionality.
  • the execution of program 474-1 may be secured from observation by the rest of system 410.
  • a homomorphic encryption technique may be employed.
  • first payload instance 470 may be sandboxed from other processes that execute in primary storage 430.
  • the encrypted components 474 of the first payload instance 470 may include a first encrypted copy of a symmetric key (not depicted) and the key 440 may also include a second encrypted copy of the symmetric key. Any encrypted component 474 that does not receive a copy of the symmetric key that is encrypted in the key 440 may not execute. Consequently, a malicious program that intercepts the first instance of program 474-1 after decryption and while present in primary storage 430 may not be able to make a copy that is executable without also possessing a copy of the symmetric key.
  • a second request 480 may be received by processor 410.
  • the processor 410 may receive the second request 480, and responsively may execute a second instance 490 of the payload 450.
  • the second payload instance 490 may include a second instance of the unencrypted component 492 and the set of encrypted components 494-1, 494-2, up to 494-N (collectively, 494).
  • the second request 480 may be directed to a second program of a set of programs, that are encrypted in the set of encrypted components 474. Specifically, the second program may be encrypted in encrypted component 494-2.
  • the second request 480 may also be accompanied with the key 440.
  • the key 440 may have a set of encrypted attributes but may not have an encrypted attribute that corresponds to the encrypted component 494-2.
  • the unencrypted component 492 may attempt to perform execution of a second program in the request 480.
  • the unencrypted component 492 code may not include any logic to locate or perform access control or reveal any information about the encrypted components 494.
  • the second request 480 may be directed to a program named “PicturePainter” and may include key 440.
  • the encrypted attributes 442 may correspond to programs that are not the “PicturePainter” program.
  • Unencrypted component 492 may only contain code that executes a decryption routine using the provided key. The code may not reveal the unencrypted data of any component. All of the encrypted components 494 may remain encrypted based on this second example.
  • FIG. 5 depicts an example method 500 of HESS executed by a client system, consistent with some embodiments of the disclosure.
  • Method 500 may be executed by a computer, such as computer system 100.
  • Method 500 may be executed responsive to a user instructing a computer to execute secure software that is provided to the computer.
  • a memory stick may contain a copy of a heterogeneous program payload (payload), such as payload 450.
  • the computer that executes method 500 may be connected to a network, such as the Internet.
  • method 500 may be executed on an air-gapped computer.
  • a computer executing method 500 may be isolated from other computers, servers, and the like, or may otherwise not be communicatively coupled directly (or indirectly through a network) to any other processing devices.
  • Method 500 begins at 505, when a payload is executed at 510.
  • the payload may be executed by receiving a command line argument to begin performing execution of the program.
  • the payload may be executed, at 510, periodically, such as by a batch process or script on a computer.
  • a license key may be input to the payload.
  • the key may be input as part of the execution of the payload at 510.
  • the license key may be a command line argument that is provided as part of the execution of the payload.
  • the key may be input after execution of the payload at 510.
  • the license key may be located locally on a storage device, in a logical folder, or other relevant computing construct.
  • an unencrypted component such as a verification and loading program, may begin by requesting that a license key be provided.
  • a user or program may input the license key to the unencrypted component of the payload at 520.
  • a program execution instruction may be received at 530.
  • the program execution instruction may be received by the payload 510.
  • the program execution instruction may be a selection from a script, user, or other program, to begin execution of a first program.
  • the program execution instruction may be received at time of execution of the payload 510.
  • the program execution instruction may be an argument that is provided to the payload upon execution at 510.
  • the program execution instruction may be directed at a portion of the payload.
  • the program execution instruction may refer by a program name or other relevant identifier, to one or more programs that are stored in a set of encrypted components of the payload.
  • a validity of execution of the payload may be performed.
  • the validity of execution may be a validity of the key that was input at 520.
  • the unencrypted component of the payload may receive the license key and may attempt to perform a decryption process with the license key (e.g., using a symmetric algorithm such as AES, or an asymmetric algorithm such as ABE).
  • the validity of execution may be in response to a program execution instruction that was received at 530.
  • the validity may be based on the license key and may further be based on the particular program instruction that was received at 530.
  • the unencrypted component of the payload may begin by performing one or more decryption operations.
  • the decryption operations may be performed against every encrypted component of the set of components.
  • the entire license key may be provided as an argument to a decryption process along with a plain-text identifier that corresponds to a targeted encrypted component of the set of encrypted components.
  • the determination of validity may perform a decryption action of the decryption process to attempt to decrypt the identified program stored in an encrypted component of the set of components.
  • the decryption process may attempt to perform a decryption action using each encrypted attribute that is in the license key.
  • a given license key may be a string of values that represents forty-five encrypted attributes that correspond to forty-five programs that may be executed by a corresponding heterogeneous program payload.
  • the corresponding payload may contain seventy programs stored in seventy separate encrypted components.
  • the decryption process may decrypt only the requested program, from the program execution instruction received at 530, if one of the forty-five encrypted attributes corresponds to the cryptographically matched encrypted component.
  • the decryption process may be configured to receive the entire key without revealing any specific program attribute that corresponds to a program stored in an encrypted component.
  • the decryption process may not reveal any unencrypted version of an encrypted attribute, and may not delineate, provide as output, or as an observable intermediate (e.g., in a primary storage, in a memory, or in a register of a processor) any unencrypted form of the encrypted attributes that form the license key.
  • the decrypted program may be loaded at 560.
  • the decrypted program 560 may be the only program that is loaded. Stated another way, any encrypted component that is not the requested program does not get decrypted at 560.
  • the decrypted program 560 may be loaded securely. For example, a processor may allocate a secure (e.g., sandboxed, private) portion of a RAM or cache for holding the decrypted program during execution.
  • Denial at 570 may be an indication, output, or other message describing the denial. For example, a message may be generated that states “program access not permitted” to a file. In another example, a message may be generated that states “invalid input” to an output or screen buffer of a computer. Denial at 570 may include program termination of the unencrypted component of the heterogeneous program payload, without any communication of the reason for program termination.
  • method 500 ends at 595.
  • FIG. 6 depicts an example method 600 for creation of components of a HESS for providing to a client system, consistent with some embodiments of the disclosure.
  • Method 600 may be performed by a central computer, such as computer 100.
  • Method 600 may be performed by a cloud provider, such as cloud computing environment 50.
  • Method 600 may be performed by a software creator before distributing or otherwise providing software.
  • method 600 may be executed as part of an integrated development environment to generate a new version of software to correct a bug, or to expand or create new features.
  • a request may be received at 610.
  • the request may be input as part of a script for generating software or generating licenses to the software.
  • the request at 610 may include one or more parameters such as build information, software version information, license names, client names, license permissions, or other relevant parameters.
  • the request at 610 may include a reference to a software that is unsecured.
  • the request may include a pointer to a location of a set of one or more programs that are in an unencrypted format stored as a part of a binary, or as source code functions, or as one or more files and/or folders of a software archive file.
  • a set of one or more program attributes may be assigned at 630.
  • the assignment of attributes may include assigning a single attribute for every program of a software that is to be a part of the payload. Specifically, if a given piece of software has 135 distinct programs, then 135 program attributes may be assigned to the respective distinct programs. For example, if a developer is generating a new payload for distribution that includes four distinct programs, attributes “F1”, “F2”, “F3”, and “F4” may be assigned to the first program, the second program, the third program, and the fourth program, respectively.
  • a heterogeneous program payload may be generated.
  • the program may be generated based on a first encryption process.
  • the first encryption process may include the execution of an encryption algorithm that generates the heterogeneous program payload.
  • the payload could have been encrypted via symmetric encryption algorithms such as AES-128 or higher key length, or with asymmetric encryption algorithms such as RSA-2048 or ECDSA-224 or higher key length, or with attribute based encryption schemes such as KP-ABE or CP-ABE.
  • the first encryption process may take, in any order, three inputs.
  • the first encryption process may take as the first input, the unsecured payload that was part of the request (received at 610) .
  • the first encryption process may take as the second input, the assigned program attributes.
  • the first encryption process may take as the third input, a primary key.
  • the primary key may be a key, value, string, or other series of words or characters of sufficient length (e.g., 1024 bits).
  • the first encryption process may error out, or return an error code, if one or more of the inputs is incomplete or missing. For example, if an unsecured payload contains four programs and the first encryption process is given only three program attributes, the first encryption process may return an error.
  • a set of one or more encrypted components may be generated (e.g., as a result or output of the first encryption process).
  • an unsecured component may be combined with the encrypted components (e.g., substantially contemporaneous with, just before, or just after, the first encryption process creates the set of encrypted components).
  • the unencrypted component may be combined with the set of encrypted components by compilation, grouping, archiving, embedding, or otherwise combining the unencrypted component and the set of encrypted components.
  • the unencrypted component may be an output of the first encryption process. For example, as one output of the first encryption process a decryption process may be generated.
  • the decryption process may take as input one or more of the program attributes, such as a subset of the program attributes (e.g., in an encrypted form).
  • the request (received at 610) for a new key, may include one or more permissions, references, values, or relevant identifiers of the programs that are to be permitted to be executed by a given heterogeneous program payload, and a reference to the given heterogeneous program payload.
  • the one or more permissions may be an instance or first subset of the set of program attributes. For example, an entire set of program attributes may include thirty-five program attributes corresponding to each program that is stored (in an encrypted form) in a heterogeneous program payload.
  • the received permissions may include a subset of the program attributes, including the third program attribute, the twelfth program attribute, and the thirtieth program attribute.
  • a random value may be obtained at 670.
  • the random value may be a random string of characters.
  • the random value may be a random series of words.
  • the random value may be of a sufficient length or size (e.g., 256 bits).
  • a license key may be generated at 680.
  • the license key may be generated by a second encryption process.
  • the second encryption process may be a relevant encryption process.
  • the second encryption process may include three inputs.
  • the first input may be the subset of the program attributes (e.g., the program attributes that correspond to the programs that the license key to be generated is to permit to execute).
  • the second input may be the random value.
  • the third input may be the primary key.
  • the output of the second encryption process may be the license key.
  • the license key may be a series of values, string of characters, or other relevant cryptographic output.
  • the license key may include a set of encrypted program attributes that correspond to the subset of encrypted components of the heterogeneous program payload that are permitted to be decrypted for execution.
  • the license key may not delineate, separate, or otherwise indicate where a first encrypted program attribute ends and where a second encrypted program attribute begins.
  • the use of the random value may ensure that encrypted program attributes are not discernible by comparing two keys. For example, given a first subset of program attributes, and a first random number, and the primary key, a license key generated at 680 may be a string with “skZ E"8'wBfbye-7 [$$p7uNM2HLi>NZgOrAYFO&kjhlX ⁇ QQ Oyrb#s ⁇ R-+8%h, X” values.
  • method 600 ends at 695.
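One concrete, standard-library-only realization of the two methods above, covering both the first and second encryption processes of method 600 (attribute assignment, per-component encryption, random value, license key) and the loader's try-each-entry decryption and generic denial of method 500. This is an added example, not the patent's or IBM's own code; it assumes a per-component key derived from the primary key and the attribute label (in place of the AES, RSA or ABE schemes the text lists), an HMAC-SHA256 encrypt-then-MAC cipher standing in for AES-GCM, and constructed program names and labels.

```python
"""Toy end-to-end HESS flow: vendor-side payload build and license issue (method 600)
and client-side loader (method 500).  Added example, not the patent's or IBM's code.
Standard library only: an HMAC-SHA256 encrypt-then-MAC construction stands in for
AES-GCM, and the program names and attribute labels F1.. are constructed for the demo."""
import hashlib
import hmac
import secrets

KEY_LEN = 32     # component keys, random value and license entries are all 32 bytes
NONCE_LEN = 16
TAG_LEN = 32
DENIED = "program access not permitted"   # one generic denial for every failure cause


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (toy stand-in for AES-CTR)."""
    blocks = (length + 31) // 32
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC with separate enc/mac subkeys: nonce || ciphertext || tag,
    with aad (the program name) bound into the tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor(plaintext, _keystream(_prf(key, b"enc"), nonce, len(plaintext)))
    return nonce + ct + _prf(_prf(key, b"mac"), aad + nonce + ct)


def open_(key: bytes, blob: bytes, aad: bytes):
    """Return the plaintext, or None when the tag fails (wrong key or tampered blob)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), aad + nonce + ct)):
        return None
    return _xor(ct, _keystream(_prf(key, b"enc"), nonce, len(ct)))


# ---- vendor side (method 600): the primary key never leaves this side ----
def component_key(primary_key: bytes, attribute: str) -> bytes:
    """Per-program key derived from the primary key and the assigned attribute label."""
    return _prf(primary_key, b"component:" + attribute.encode())


def build_payload(primary_key: bytes, programs: dict):
    """First encryption process: assign one attribute per program (630) and encrypt
    each program into its own component (640).  Returns (payload, attributes)."""
    attributes = {name: f"F{i}" for i, name in enumerate(programs, start=1)}
    payload = {name: seal(component_key(primary_key, attributes[name]), code, name.encode())
               for name, code in programs.items()}
    return payload, attributes


def _blind(random_value: bytes, index: int) -> bytes:
    return _prf(random_value, b"entry:" + index.to_bytes(4, "big"))


def issue_license(primary_key: bytes, attributes: dict, permitted: list) -> bytes:
    """Second encryption process (670-680): permitted attribute subset + fresh random
    value + primary key -> one opaque byte string (random value, then fixed-width entries
    with no delimiters).  The random value makes two licenses for the same programs
    share no entry bytes, so permissions cannot be read off by comparing keys."""
    random_value = secrets.token_bytes(KEY_LEN)
    entries = [_xor(component_key(primary_key, attributes[name]), _blind(random_value, i))
               for i, name in enumerate(permitted)]
    return random_value + b"".join(entries)


# ---- client side (method 500): the loader, i.e. the unencrypted component ----
def run_program(payload: dict, license_key: bytes, program_name: str):
    """Try every license entry against only the requested component (540-550).  Return
    (code, None) on success, else (None, DENIED) with no hint about which check failed."""
    blob = payload.get(program_name)
    body = len(license_key) - KEY_LEN
    if blob is None or body < 0 or body % KEY_LEN:
        return None, DENIED
    random_value, entries = license_key[:KEY_LEN], license_key[KEY_LEN:]
    for i in range(body // KEY_LEN):
        candidate = _xor(entries[i * KEY_LEN:(i + 1) * KEY_LEN], _blind(random_value, i))
        code = open_(candidate, blob, program_name.encode())
        if code is not None:    # tag verified: this entry matches this component
            return code, None
    return None, DENIED


if __name__ == "__main__":
    primary = secrets.token_bytes(KEY_LEN)
    demo = {"TextTyper": b"print('typing')", "PicturePainter": b"print('painting')"}
    payload, attrs = build_payload(primary, demo)
    key = issue_license(primary, attrs, ["TextTyper"])   # licensed for TextTyper only
    print(run_program(payload, key, "TextTyper"))        # TextTyper code decrypts
    print(run_program(payload, key, "PicturePainter"))   # (None, DENIED)
```

Holding a license lets its owner recover the component keys it grants, which is inherent to any scheme where the client decrypts locally; what the derivation buys is that those keys give no way back to the primary key or to the keys of unlicensed components.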
  • the present invention may be a system, a method, and/or a computer program product at any possible technical detail level of integration.
  • the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
  • the computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
  • the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • a non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing.
  • a computer readable storage medium is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
  • Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
  • a network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
  • Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, configuration data for integrated circuitry, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++, or the like, and procedural programming languages, such as the "C" programming language or similar programming languages.
  • the computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN) , or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider) .
  • electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA) , or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
  • These computer readable program instructions may be provided to a processor of a computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function (s) .
  • the functions noted in the blocks may occur out of the order noted in the Figures.
  • two blocks shown in succession may, in fact, be accomplished as one step, executed concurrently, substantially concurrently, in a partially or wholly temporally overlapping manner, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

A first copy of a heterogeneous program payload is provided to a first computing device. The heterogeneous program payload contains an unencrypted component and a set of one or more encrypted components. The set of encrypted components corresponds to a set of one or more programs. The unencrypted component of the heterogeneous program payload includes loader program code configured to receive a first license key. The loader program code is configured to, in response to receiving the first license key, perform a decryption action against the set of encrypted components of the heterogeneous program payload.
PCT/CN2021/106794 2020-09-29 2021-07-16 Accès à un logiciel par chiffrement hétérogène WO2022068322A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2023518437A JP2023542527A (ja) 2020-09-29 2021-07-16 ヘテロジニアス暗号化を通したソフトウェア・アクセス
DE112021005119.9T DE112021005119T5 (de) 2020-09-29 2021-07-16 Zugriff auf software durch heterogene verschlüsselung
CN202180066382.6A CN116249980A (zh) 2020-09-29 2021-07-16 通过异构加密的软件访问
GB2305751.6A GB2614677A (en) 2020-09-29 2021-07-16 Software access through heterogeneous encryption

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/036,577 US12001523B2 (en) 2020-09-29 2020-09-29 Software access through heterogeneous encryption
US17/036,577 2020-09-29

Publications (1)

Publication Number Publication Date
WO2022068322A1 true WO2022068322A1 (fr) 2022-04-07

Family

ID=80822505

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/106794 WO2022068322A1 (fr) 2020-09-29 2021-07-16 Accès à un logiciel par chiffrement hétérogène

Country Status (6)

Country Link
US (1) US12001523B2 (fr)
JP (1) JP2023542527A (fr)
CN (1) CN116249980A (fr)
DE (1) DE112021005119T5 (fr)
GB (1) GB2614677A (fr)
WO (1) WO2022068322A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115664836A (zh) * 2022-11-07 2023-01-31 海光信息技术股份有限公司 数据传输方法、装置、计算机设备及存储介质

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12019778B1 (en) * 2023-11-22 2024-06-25 Verkada Inc. Systems and methods to perform end to end encryption

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001001316A2 (fr) * 1999-06-30 2001-01-04 Ac Properties Bv Systeme, procede et article de fabrication permettant de distribuer un logiciel electronique, mecanisme de paiement apres telechargement a capacites de cryptage
US20010056539A1 (en) * 1996-12-04 2001-12-27 Dominique Vincent Pavlin Software protection device and method
CN1863038A (zh) * 2005-05-12 2006-11-15 中国电信股份有限公司 对终端设备中应用程序实施控制和管理的方法
CN1877595A (zh) * 2006-07-19 2006-12-13 北京飞天诚信科技有限公司 一种软件版权保护方法
CN103856481A (zh) * 2012-11-30 2014-06-11 辉达公司 使用在线认证和经加密代码执行的代码保护
CN108388439A (zh) * 2018-03-27 2018-08-10 深圳市路畅科技股份有限公司 一种车载软件的更新方法、系统、装置及可读存储介质
CN110998571A (zh) * 2017-07-24 2020-04-10 微软技术许可有限责任公司 对在计算设备上安装的应用的离线激活

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5598470A (en) 1994-04-25 1997-01-28 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block
US5563946A (en) 1994-04-25 1996-10-08 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for passing encrypted files between data processing systems
US6052780A (en) 1996-09-12 2000-04-18 Open Security Solutions, Llc Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information
US6006190A (en) 1997-04-28 1999-12-21 Tartaroukos Llc Computer implemented method and a computer system for enforcing software licenses
US6920567B1 (en) * 1999-04-07 2005-07-19 Viatech Technologies Inc. System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files
US20080082446A1 (en) * 1999-10-01 2008-04-03 Hicks Christian B Remote Authorization for Unlocking Electronic Data System and Method
US6460140B1 (en) * 1999-12-30 2002-10-01 Starnet Communications Corporation System for controlling the use of licensed software
US20070271191A1 (en) * 2000-03-09 2007-11-22 Andres Torrubia-Saez Method and apparatus for secure distribution of software
AU7593601A (en) * 2000-07-14 2002-01-30 Atabok Inc Controlling and managing digital assets
JP4743984B2 (ja) * 2001-03-23 2011-08-10 三洋電機株式会社 データ記録装置
CN100354786C (zh) * 2002-07-09 2007-12-12 富士通株式会社 开放型通用抗攻击cpu及其应用系统
US7734550B1 (en) * 2003-10-07 2010-06-08 Microsoft Corporation Method and system for identifying the controlling license for installed software
WO2007063433A2 (fr) * 2005-10-17 2007-06-07 Nxp B.V. Chiffrement d'image executable par programme
JP5034498B2 (ja) 2006-02-20 2012-09-26 株式会社日立製作所 ディジタルコンテンツの暗号化,復号方法,及び,ディジタルコンテンツを利用した業務フローシステム
US20080313743A1 (en) * 2007-06-13 2008-12-18 Brian Chan Network Software License Management and Piracy Protection
US20090080658A1 (en) 2007-07-13 2009-03-26 Brent Waters Method and apparatus for encrypting data for fine-grained access control
CN102656591B (zh) 2009-12-18 2015-12-16 皇家飞利浦电子股份有限公司 使用基于属性的加密的数字权利管理
CN102360412B (zh) * 2011-09-26 2014-07-02 飞天诚信科技股份有限公司 Java源代码的保护方法和系统
US8725649B2 (en) * 2011-12-08 2014-05-13 Raytheon Company System and method to protect computer software from unauthorized use
US20150121073A1 (en) * 2012-03-23 2015-04-30 Irdeto B.V. Software fingerprinting

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115664836A (zh) * 2022-11-07 2023-01-31 海光信息技术股份有限公司 数据传输方法、装置、计算机设备及存储介质
CN115664836B (zh) * 2022-11-07 2023-10-03 海光信息技术股份有限公司 数据传输方法、装置、计算机设备及存储介质

Also Published As

Publication number Publication date
JP2023542527A (ja) 2023-10-10
US12001523B2 (en) 2024-06-04
CN116249980A (zh) 2023-06-09
US20220100822A1 (en) 2022-03-31
GB2614677A (en) 2023-07-12
DE112021005119T5 (de) 2023-07-20
GB202305751D0 (en) 2023-05-31

Similar Documents

Publication Publication Date Title
US10614233B2 (en) Managing access to documents with a file monitor
US12105805B2 (en) Binding secure keys of secure guests to a hardware security module
US11005847B2 (en) Method, apparatus and computer program product for executing an application in clouds
US10171502B2 (en) Managed applications
CN113544675A (zh) 安全执行客户机所有者环境控制符
TWI786373B (zh) 用於安全介面控制之安全執行客體所有者控制之電腦實施方法、電腦系統及電腦程式產品
WO2022068322A1 (fr) Accès à un logiciel par chiffrement hétérogène
JP2023551527A (ja) 準同型暗号化を使用したセキュアなコンピューティング・リソース配置
US20170005798A1 (en) Binding software application bundles to a physical execution medium
US10223526B2 (en) Generating packages for managed applications
EP3298534B1 (fr) Création de multiples espaces de travail dans un dispositif
US11989282B2 (en) Open-source container data management
US11522683B2 (en) Multi-phase protection for data-centric objects
US11531628B2 (en) Protecting cache accesses in multi-tenant processing environments
US12099614B2 (en) Secrets swapping in code
US11645092B1 (en) Building and deploying an application
US11640249B2 (en) Access verification on portable mass storage devices
US11882123B2 (en) Kernel level application data protection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 21873984; Country of ref document: EP; Kind code of ref document: A1
ENP Entry into the national phase
    Ref document number: 2023518437; Country of ref document: JP; Kind code of ref document: A
ENP Entry into the national phase
    Ref document number: 202305751; Country of ref document: GB; Kind code of ref document: A; Free format text: PCT FILING DATE = 20210716
122 Ep: pct application non-entry in european phase
    Ref document number: 21873984; Country of ref document: EP; Kind code of ref document: A1